<?php

/* password generator */

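/**
 * Generate a new random password.
 *
 * The value is drawn from the operating system's CSPRNG instead of
 * md5(mt_rand(1, 1000000)), which could only ever yield one million
 * distinct, enumerable passwords. The return shape is unchanged:
 * ten lowercase hexadecimal characters (40 bits of randomness).
 *
 * @return string ten character hexadecimal password
 * @throws RuntimeException when no cryptographically secure source is available
 */
function password_generator()
{
	$bytes = false;

	/* prefer the PHP 7+ generator, fall back to OpenSSL on older runtimes */

	if (function_exists('random_bytes'))
	{
		$bytes = random_bytes(5);
	}
	else if (function_exists('openssl_random_pseudo_bytes'))
	{
		$strong = false;
		$bytes = openssl_random_pseudo_bytes(5, $strong);
		if (!$strong)
		{
			$bytes = false;
		}
	}

	/* fail closed rather than hand out a guessable password */

	if ($bytes === false || strlen($bytes) !== 5)
	{
		throw new RuntimeException('No secure random source available for password generation');
	}
	return bin2hex($bytes);
}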

/* password reset form */

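/**
 * Render the password reset form and mark the session as having visited it.
 *
 * Echoes the markup directly and returns nothing. The user id and the
 * reset value are taken from FIRST_SUB_PARAMETER and THIRD_PARAMETER and
 * round-tripped through hidden fields.
 */
function password_reset_form()
{
	/* initialise so the concatenations below never read an undefined variable */

	$class_disabled = '';
	$code_disabled = '';

	/* disable fields if attack blocked */

	if (ATTACK_BLOCKED > 9)
	{
		$class_disabled = ' field_disabled';
		$code_disabled = ' disabled="disabled"';
	}

	/* collect output */

	$output = '<h2 class="title_content">' . l('password_reset') . '</h2>';
	$output .= form_element('form', 'form_reset', 'js_check_required box_reset', '', '', '', 'action="' . REWRITE_STRING . 'password_reset" method="post"');
	$output .= form_element('fieldset', '', '', '', '', l('fields_request') . l('point')) . '<ul>';
	$output .= '<li>' . form_element('number', 'task', 'js_required field_text field_required' . $class_disabled, 'task', '', captcha('task'), 'maxlength="2" required="required" autofocus="autofocus"' . $code_disabled) . '</li>';
	$output .= '</ul></fieldset>';

	/* NOTE(review): these two values presumably come from the request URL - confirm form_element() escapes attribute values */

	$output .= form_element('hidden', '', '', 'id', FIRST_SUB_PARAMETER);
	$output .= form_element('hidden', '', '', 'password', THIRD_PARAMETER);

	/* NOTE(review): the expected captcha answer is handed to the client here and compared against md5($task) on post, so the check is not enforced server side - consider keeping the solution in the session */

	$output .= form_element('hidden', '', '', 'solution', captcha('solution'));
	$output .= form_element('hidden', '', '', 'token', TOKEN);
	$output .= form_element('button', '', 'js_submit field_button' . $class_disabled, 'password_reset', l('submit'), '', $code_disabled);
	$output .= '</form>';

	/* password_reset_post() only processes a request after this flag was set */

	$_SESSION[ROOT . '/password_reset'] = 'visited';
	echo $output;
}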

/* password reset post */

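/**
 * Handle the submitted password reset form.
 *
 * Looks up the active user matching the posted id and current password
 * hash, checks the captcha, mails a newly generated password and stores
 * its md5 hash. On any failure a notification is shown and, if the
 * blocker setting is enabled, the session attack counter is incremented.
 *
 * NOTE(review): the stored hash is an unsalted md5 and the reset value is
 * the current password hash itself; both are kept because other code
 * outside this block presumably depends on them, but they are worth
 * revisiting (password_hash(), single-use reset tokens).
 * NOTE(review): the posted token field is not verified in this function -
 * confirm it is checked before this function is called.
 */
function password_reset_post()
{
	/* defaults so every later branch reads a defined value */

	$post_id = '';
	$post_password = '';
	$password = '';
	$task = '';
	$solution = '';
	$error = '';
	$sql_id = 0;
	$sql_password = '';
	$my_id = '';
	$my_name = '';
	$my_email = '';
	$my_password = '';

	/* clean post */

	$visited = isset($_SESSION[ROOT . '/password_reset']) && $_SESSION[ROOT . '/password_reset'] == 'visited';
	if (ATTACK_BLOCKED < 10 && $visited)
	{
		$post_id = clean(isset($_POST['id']) ? $_POST['id'] : '', 0);
		$post_password = clean(isset($_POST['password']) ? $_POST['password'] : '', 0);
		$password = password_generator();

		/* only accept plain strings, array input would break md5() below */

		$task = isset($_POST['task']) && is_string($_POST['task']) ? $_POST['task'] : '';
		$solution = isset($_POST['solution']) && is_string($_POST['solution']) ? $_POST['solution'] : '';
	}

	/* query user information */

	if ($post_id && $post_password)
	{
		/* the id sits in an unquoted numeric context, so force an integer; the hash is escaped for the quoted context (clean() may already escape, which is harmless for a valid hash) */

		$sql_id = (int) $post_id;
		$sql_password = mysql_real_escape_string($post_password);
		$users_query = 'SELECT id, name, email, password FROM ' . PREFIX . 'users WHERE id = ' . $sql_id . ' && password = \'' . $sql_password . '\' && status = 1';
		$users_result = mysql_query($users_query);
		if ($users_result)
		{
			while ($r = mysql_fetch_assoc($users_result))
			{
				/* explicit assignments instead of variable variables built from column names */

				$my_id = stripslashes($r['id']);
				$my_name = stripslashes($r['name']);
				$my_email = stripslashes($r['email']);
				$my_password = stripslashes($r['password']);
			}
		}
	}

	/* validate post */

	if ($post_id == '' || $post_password == '')
	{
		$error = l('input_incorrect');
	}

	/* strict comparison avoids type juggling between hash-like strings; NOTE(review): task and solution are both client supplied, see password_reset_form() */

	else if ($task === '' || md5($task) !== $solution)
	{
		$error = l('captcha_incorrect');
	}
	else if ($my_id == '' || $my_password == '')
	{
		$error = l('access_no');
	}
	else
	{
		/* email new password */

		$login_string = ROOT . '/' . REWRITE_STRING . 'login';
		$login_link = anchor_element('', '', '', $login_string, $login_string);
		$body_array = array(
			l('password_new') => $password,
			'code1' => '<br />',
			l('login') => $login_link
		);
		send_mail($my_email, $my_name, s('email'), s('author'), l('password_new'), $body_array);

		/* update password */

		$query = 'UPDATE ' . PREFIX . 'users SET password = \'' . md5($password) . '\' WHERE id = ' . $sql_id . ' && password = \'' . $sql_password . '\' && status = 1';
		mysql_query($query);
	}

	/* handle error */

	if ($error)
	{
		if (s('blocker') == 1)
		{
			$_SESSION[ROOT . '/attack_blocked']++;
		}
		if ($post_id && $post_password)
		{
			$back_string = 'password_reset/' . $post_id . '/' . $post_password;
		}
		else
		{
			$back_string = 'reminder';
		}
		notification(l('error_occurred'), $error, l('back'), $back_string);
	}

	/* handle success */

	else
	{
		notification(l('operation_completed'), l('password_sent'), l('login'), 'login');
	}

	/* the form has to be rendered again before another post is accepted */

	$_SESSION[ROOT . '/password_reset'] = '';
}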
?>